RHSA-2026:3105
Vulnerability from csaf_redhat - Published: 2026-02-23 17:14 - Updated: 2026-03-12 12:42Summary
Red Hat Security Advisory: Kiali 2.11.7 for Red Hat OpenShift Service Mesh 3.1
Notes
Topic
Kiali 2.11.7 for Red Hat OpenShift Service Mesh 3.1
This update has a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Kiali 2.11.7, for Red Hat OpenShift Service Mesh 3.1, provides observability for the service mesh by offering a visual representation of the mesh topology and metrics, helping users monitor, trace, and manage efficiently.
Security Fix(es):
* kiali-ossmc-rhel9: Axios affected by Denial of Service via __proto__ Key in mergeConfig (CVE-2026-25639)
* kiali-rhel9: Axios affected by Denial of Service via __proto__ Key in mergeConfig (CVE-2026-25639)
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Kiali 2.11.7 for Red Hat OpenShift Service Mesh 3.1\n\nThis update has a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Kiali 2.11.7, for Red Hat OpenShift Service Mesh 3.1, provides observability for the service mesh by offering a visual representation of the mesh topology and metrics, helping users monitor, trace, and manage efficiently.\n\nSecurity Fix(es):\n\n* kiali-ossmc-rhel9: Axios affected by Denial of Service via __proto__ Key in mergeConfig (CVE-2026-25639)\n\n* kiali-rhel9: Axios affected by Denial of Service via __proto__ Key in mergeConfig (CVE-2026-25639)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:3105",
"url": "https://access.redhat.com/errata/RHSA-2026:3105"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-25639",
"url": "https://access.redhat.com/security/cve/CVE-2026-25639"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/cve-2026-25639",
"url": "https://access.redhat.com/security/cve/cve-2026-25639"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification",
"url": "https://access.redhat.com/security/updates/classification"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_3105.json"
}
],
"title": "Red Hat Security Advisory: Kiali 2.11.7 for Red Hat OpenShift Service Mesh 3.1",
"tracking": {
"current_release_date": "2026-03-12T12:42:30+00:00",
"generator": {
"date": "2026-03-12T12:42:30+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.3"
}
},
"id": "RHSA-2026:3105",
"initial_release_date": "2026-02-23T17:14:20+00:00",
"revision_history": [
{
"date": "2026-02-23T17:14:20+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-02-23T17:14:25+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-03-12T12:42:30+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift Service Mesh 3.1",
"product": {
"name": "Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:service_mesh:3.1::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Service Mesh"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:e044ac52590a4e4747b264c066d56beb2a8360051fecd3880d5b806b069c2d35_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:e044ac52590a4e4747b264c066d56beb2a8360051fecd3880d5b806b069c2d35_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:e044ac52590a4e4747b264c066d56beb2a8360051fecd3880d5b806b069c2d35_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kiali-rhel9@sha256%3Ae044ac52590a4e4747b264c066d56beb2a8360051fecd3880d5b806b069c2d35?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1771385160"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:7d9cc9e8c8323cfd63825308ed3c2dce098ddefaae34c173adb3015ffe70e818_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:7d9cc9e8c8323cfd63825308ed3c2dce098ddefaae34c173adb3015ffe70e818_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:7d9cc9e8c8323cfd63825308ed3c2dce098ddefaae34c173adb3015ffe70e818_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kiali-ossmc-rhel9@sha256%3A7d9cc9e8c8323cfd63825308ed3c2dce098ddefaae34c173adb3015ffe70e818?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1771372942"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:11766a5adbc2780b7620d69cf14cfda2d44bf27ecd5e56696e97491c0152f4af_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:11766a5adbc2780b7620d69cf14cfda2d44bf27ecd5e56696e97491c0152f4af_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:11766a5adbc2780b7620d69cf14cfda2d44bf27ecd5e56696e97491c0152f4af_arm64",
"product_identification_helper": {
"purl": "pkg:oci/kiali-rhel9@sha256%3A11766a5adbc2780b7620d69cf14cfda2d44bf27ecd5e56696e97491c0152f4af?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1771385160"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:3a12696cddcbd01b02ae332b4f73316808680c5bfa56e3597817e997f8355ba7_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:3a12696cddcbd01b02ae332b4f73316808680c5bfa56e3597817e997f8355ba7_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:3a12696cddcbd01b02ae332b4f73316808680c5bfa56e3597817e997f8355ba7_arm64",
"product_identification_helper": {
"purl": "pkg:oci/kiali-ossmc-rhel9@sha256%3A3a12696cddcbd01b02ae332b4f73316808680c5bfa56e3597817e997f8355ba7?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1771372942"
}
}
}
],
"category": "architecture",
"name": "arm64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:cda057051d2354ac54f49cacc382bb8ef05ae198543a6f996b9c9b85abc97d65_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:cda057051d2354ac54f49cacc382bb8ef05ae198543a6f996b9c9b85abc97d65_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:cda057051d2354ac54f49cacc382bb8ef05ae198543a6f996b9c9b85abc97d65_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/kiali-rhel9@sha256%3Acda057051d2354ac54f49cacc382bb8ef05ae198543a6f996b9c9b85abc97d65?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1771385160"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:b180e0fcda8131effc98d2a032400362e60a9cc34f49fb72528bab279865bfc1_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:b180e0fcda8131effc98d2a032400362e60a9cc34f49fb72528bab279865bfc1_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:b180e0fcda8131effc98d2a032400362e60a9cc34f49fb72528bab279865bfc1_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/kiali-ossmc-rhel9@sha256%3Ab180e0fcda8131effc98d2a032400362e60a9cc34f49fb72528bab279865bfc1?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1771372942"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:8af3bb4095fbc3fbf144e27cc7cd77dc37fa018f72fd6b4fbaa0280cc468b93a_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:8af3bb4095fbc3fbf144e27cc7cd77dc37fa018f72fd6b4fbaa0280cc468b93a_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:8af3bb4095fbc3fbf144e27cc7cd77dc37fa018f72fd6b4fbaa0280cc468b93a_s390x",
"product_identification_helper": {
"purl": "pkg:oci/kiali-rhel9@sha256%3A8af3bb4095fbc3fbf144e27cc7cd77dc37fa018f72fd6b4fbaa0280cc468b93a?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1771385160"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:61a42cd27a26463b5ad014ad66b35e69b37c3d58fcaa2f5155dadee1e605e4bc_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:61a42cd27a26463b5ad014ad66b35e69b37c3d58fcaa2f5155dadee1e605e4bc_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:61a42cd27a26463b5ad014ad66b35e69b37c3d58fcaa2f5155dadee1e605e4bc_s390x",
"product_identification_helper": {
"purl": "pkg:oci/kiali-ossmc-rhel9@sha256%3A61a42cd27a26463b5ad014ad66b35e69b37c3d58fcaa2f5155dadee1e605e4bc?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1771372942"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:3a12696cddcbd01b02ae332b4f73316808680c5bfa56e3597817e997f8355ba7_arm64 as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:3a12696cddcbd01b02ae332b4f73316808680c5bfa56e3597817e997f8355ba7_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:3a12696cddcbd01b02ae332b4f73316808680c5bfa56e3597817e997f8355ba7_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:61a42cd27a26463b5ad014ad66b35e69b37c3d58fcaa2f5155dadee1e605e4bc_s390x as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:61a42cd27a26463b5ad014ad66b35e69b37c3d58fcaa2f5155dadee1e605e4bc_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:61a42cd27a26463b5ad014ad66b35e69b37c3d58fcaa2f5155dadee1e605e4bc_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:7d9cc9e8c8323cfd63825308ed3c2dce098ddefaae34c173adb3015ffe70e818_amd64 as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:7d9cc9e8c8323cfd63825308ed3c2dce098ddefaae34c173adb3015ffe70e818_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:7d9cc9e8c8323cfd63825308ed3c2dce098ddefaae34c173adb3015ffe70e818_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:b180e0fcda8131effc98d2a032400362e60a9cc34f49fb72528bab279865bfc1_ppc64le as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:b180e0fcda8131effc98d2a032400362e60a9cc34f49fb72528bab279865bfc1_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:b180e0fcda8131effc98d2a032400362e60a9cc34f49fb72528bab279865bfc1_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:11766a5adbc2780b7620d69cf14cfda2d44bf27ecd5e56696e97491c0152f4af_arm64 as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:11766a5adbc2780b7620d69cf14cfda2d44bf27ecd5e56696e97491c0152f4af_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:11766a5adbc2780b7620d69cf14cfda2d44bf27ecd5e56696e97491c0152f4af_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:8af3bb4095fbc3fbf144e27cc7cd77dc37fa018f72fd6b4fbaa0280cc468b93a_s390x as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:8af3bb4095fbc3fbf144e27cc7cd77dc37fa018f72fd6b4fbaa0280cc468b93a_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:8af3bb4095fbc3fbf144e27cc7cd77dc37fa018f72fd6b4fbaa0280cc468b93a_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:cda057051d2354ac54f49cacc382bb8ef05ae198543a6f996b9c9b85abc97d65_ppc64le as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:cda057051d2354ac54f49cacc382bb8ef05ae198543a6f996b9c9b85abc97d65_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:cda057051d2354ac54f49cacc382bb8ef05ae198543a6f996b9c9b85abc97d65_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:e044ac52590a4e4747b264c066d56beb2a8360051fecd3880d5b806b069c2d35_amd64 as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:e044ac52590a4e4747b264c066d56beb2a8360051fecd3880d5b806b069c2d35_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:e044ac52590a4e4747b264c066d56beb2a8360051fecd3880d5b806b069c2d35_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-25639",
"cwe": {
"id": "CWE-1287",
"name": "Improper Validation of Specified Type of Input"
},
"discovery_date": "2026-02-09T21:00:49.280114+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2438237"
}
],
"notes": [
{
"category": "description",
"text": "A denial of service flaw has been discovered in the Axios npm package. the mergeConfig function in axios crashes with a TypeError when processing configuration objects containing __proto__ as an own property. An attacker can trigger this by providing a malicious configuration object created via JSON.parse(), causing complete denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios affected by Denial of Service via __proto__ Key in mergeConfig",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:3a12696cddcbd01b02ae332b4f73316808680c5bfa56e3597817e997f8355ba7_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:61a42cd27a26463b5ad014ad66b35e69b37c3d58fcaa2f5155dadee1e605e4bc_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:7d9cc9e8c8323cfd63825308ed3c2dce098ddefaae34c173adb3015ffe70e818_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:b180e0fcda8131effc98d2a032400362e60a9cc34f49fb72528bab279865bfc1_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:11766a5adbc2780b7620d69cf14cfda2d44bf27ecd5e56696e97491c0152f4af_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:8af3bb4095fbc3fbf144e27cc7cd77dc37fa018f72fd6b4fbaa0280cc468b93a_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:cda057051d2354ac54f49cacc382bb8ef05ae198543a6f996b9c9b85abc97d65_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:e044ac52590a4e4747b264c066d56beb2a8360051fecd3880d5b806b069c2d35_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-25639"
},
{
"category": "external",
"summary": "RHBZ#2438237",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2438237"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-25639",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25639"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-25639",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25639"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/commit/28c721588c7a77e7503d0a434e016f852c597b57",
"url": "https://github.com/axios/axios/commit/28c721588c7a77e7503d0a434e016f852c597b57"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/releases/tag/v1.13.5",
"url": "https://github.com/axios/axios/releases/tag/v1.13.5"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-43fc-jf86-j433",
"url": "https://github.com/axios/axios/security/advisories/GHSA-43fc-jf86-j433"
}
],
"release_date": "2026-02-09T20:11:22.374000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-23T17:14:20+00:00",
"details": "See Kiali 2.11.7 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.1/html/observability/kiali-operator-provided-by-red-hat",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:3a12696cddcbd01b02ae332b4f73316808680c5bfa56e3597817e997f8355ba7_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:61a42cd27a26463b5ad014ad66b35e69b37c3d58fcaa2f5155dadee1e605e4bc_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:7d9cc9e8c8323cfd63825308ed3c2dce098ddefaae34c173adb3015ffe70e818_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:b180e0fcda8131effc98d2a032400362e60a9cc34f49fb72528bab279865bfc1_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:11766a5adbc2780b7620d69cf14cfda2d44bf27ecd5e56696e97491c0152f4af_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:8af3bb4095fbc3fbf144e27cc7cd77dc37fa018f72fd6b4fbaa0280cc468b93a_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:cda057051d2354ac54f49cacc382bb8ef05ae198543a6f996b9c9b85abc97d65_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:e044ac52590a4e4747b264c066d56beb2a8360051fecd3880d5b806b069c2d35_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:3105"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:3a12696cddcbd01b02ae332b4f73316808680c5bfa56e3597817e997f8355ba7_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:61a42cd27a26463b5ad014ad66b35e69b37c3d58fcaa2f5155dadee1e605e4bc_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:7d9cc9e8c8323cfd63825308ed3c2dce098ddefaae34c173adb3015ffe70e818_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:b180e0fcda8131effc98d2a032400362e60a9cc34f49fb72528bab279865bfc1_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:11766a5adbc2780b7620d69cf14cfda2d44bf27ecd5e56696e97491c0152f4af_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:8af3bb4095fbc3fbf144e27cc7cd77dc37fa018f72fd6b4fbaa0280cc468b93a_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:cda057051d2354ac54f49cacc382bb8ef05ae198543a6f996b9c9b85abc97d65_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:e044ac52590a4e4747b264c066d56beb2a8360051fecd3880d5b806b069c2d35_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:3a12696cddcbd01b02ae332b4f73316808680c5bfa56e3597817e997f8355ba7_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:61a42cd27a26463b5ad014ad66b35e69b37c3d58fcaa2f5155dadee1e605e4bc_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:7d9cc9e8c8323cfd63825308ed3c2dce098ddefaae34c173adb3015ffe70e818_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:b180e0fcda8131effc98d2a032400362e60a9cc34f49fb72528bab279865bfc1_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:11766a5adbc2780b7620d69cf14cfda2d44bf27ecd5e56696e97491c0152f4af_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:8af3bb4095fbc3fbf144e27cc7cd77dc37fa018f72fd6b4fbaa0280cc468b93a_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:cda057051d2354ac54f49cacc382bb8ef05ae198543a6f996b9c9b85abc97d65_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:e044ac52590a4e4747b264c066d56beb2a8360051fecd3880d5b806b069c2d35_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios affected by Denial of Service via __proto__ Key in mergeConfig"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…